(57) Abstract

A digital system, called a notary, designed to (1) provide authenticated time and/or (2) to time stamp and authenticate digital documents, comprising a clock and digital circuits. The clock uses a power-supply system designed to avoid failure, and the notary stops functioning should any failure of the clock or power source be detected. The time and/or document is authenticated by a secret key in the digital circuit which is inaccessible from outside the notary. The system is sealed so that the clock time may not be changed or the secret key discovered without detection. The security and usefulness of the system rests on the integrity of this seal. A user may supply a digital signature and sequence number to be authenticated so that it may later be verified that the user archived the document at the time stamped, so that missing documents in a file may be identified. The notary also may supply an identification number and sequence number to be authenticated with the time and/or document to identify the notary and to detect deletion of documents and/or possible excessive use of the notary. A mode of operation of the notary is available in which it computes a standard format of a document before authentication so that copies of the document made by different methods, e.g. handwritten facsimiles, may also be authenticated. The system may be used in conjunction with a computer to ensure that the computer is booted with the correct time. Using either private or public key techniques, the time and/or documents may be verified without direct access to the secret key.
DEVICES TO (1) SUPPLY AUTHENTICATED TIME AND
(2) TIME STAMP AND AUTHENTICATE DIGITAL DOCUMENTS 

BACKGROUND OF THE INVENTION 

This invention relates to devices and means, at least partly in hardware, (1) to provide authenticated time to a computer or other user; and (2) to assure that a specified digital document did in fact originate with a particular person and was stamped at a particular time and in a particular order by a particular device (the "arbitrator" or "notary").

In recent years there have been many articles in the trade and popular press describing incidents in which computer records have been used or altered illegally.

Computer records are particularly liable to such alteration; they can be less secure in this respect than are paper records because an altered paper record may reveal erasures. Even if a paper record is created from scratch, the age of the paper or ink on a single sheet of paper, or progressively in a bound notebook, may reveal the forgery. Such aging does not occur for computer records. And, of course, handwriting or other forensic analysis may reveal that a paper document was signed by other than the nominal author.

Even permanent records on such WORM devices as optical disks may be read and re-written, possibly with falsified dates, on a fresh disk after making desired alterations.

This, and many other falsification techniques available, for example, to a superuser or other "owner" of a computer system, would be made more difficult if all computers were required by hardware to access an authenticated source of time in order to set the system clock.
From a positive point of view, it would be desirable if computer records could take the place of paper records for legal purposes, thus minimizing the large volume of stored paper.

As another use, a person keeping a diary would like to be sure that the record, once committed to the permanent computer recording device, cannot be undetectably altered, even by himself.

In these cases it may be important that archived records be traceable to the person who actually created them, that the records be unaltered, unalterably time-stamped and sequenced, that it be clear which physical device (the "notary") actually performed the time stamping and authentication, and that access to the records be controlled by passwords and other means.

It would also be desirable if paper copies of the original digital records could be certified as authentic; i.e. that it could be verified that each copy was archived by a particular person on a particular machine at the indicated time. It would also be desirable if it could be shown that no documents are missing from a nominally complete file of the paper records.

In the present invention these goals are achieved by the use of a sealed digital processing circuit, called an arbitrator (or "notary"), which contains a real-time clock which either cannot be reset, or can be reset only under strict procedures, and an authentication circuit which can compute digital signatures using a secret key, inaccessible from outside.

For the purpose of (1) providing authenticated time, the first aspect of the invention, the arbitrator computes an authentication check (signature) over the time from the sealed clock and the arbitrator's identification number (ID) and upon request returns the time and signature to the user. If the signature was computed using private key techniques then the user or other verifier may validate the signature by recomputing the signature with a supplemental device which also contains the secret key in an inaccessible form. This would, of course, be preferable to allowing the user to have direct access to the secret key, since this would enable him to falsify the signature. Many other methods for generating and validating signatures using private keys may be found in the open cryptographic literature.

If the signature of the time and ID was computed using public key techniques then the verification of the signature may be performed using the public key without any form of access to the secret key.

In some applications the user may want to ensure that the time and authenticating signature received is not simply a copy of a previous message. This can be assured by the user generating and sending to the arbitrator a random number which the arbitrator then appends to the time from the sealed clock before computing the digital signature. The signature then verifies that the time was not authenticated before the random number was generated.

For the purpose of (2) authenticating documents, a second aspect of the invention, the arbitrator computes a signature over the full text of the document (or in some cases preferably of a hash of the full text of the document), a sequence number provided by the user, the user's digital signature, the internal clock time, the arbitrator's ID, and the arbitrator's sequence number. The arbitrator then returns this signature to the outside where it can be verified using the public key and compared to the original.

In order to provide background information so that the invention may be completely understood and appreciated in its proper context, reference is made to a prior art patent application and to a publication on methods of time-stamping digital documents as follows:
U.S. Patent Application Serial No. 07/375,502 by Blandford discloses a digital system in which an arbitrator time stamps digital data records, and computes an authentication check (signature) on the data plus time using a key inaccessible from outside of the system. The system then stores the data, time, and authentication check on a secure memory storage device. The complete system is sealed so that the clock cannot be surreptitiously reset, and the clock is provided with non-stop power. The Application discusses how even if the digital records are later copied from the memory storage device the digital signature can be used to certify that the record was recorded at the specified time on the particular system.

Of course the security of this arbitrator system rests largely on the degree to which the sealing means cannot be subverted. Should this be possible the clock could be reset and/or the secret key discovered, resulting in the possibility of forgery.

An article in "Advances in Cryptology-Crypto '90," Springer-Verlag, LNCS, by Stuart Haber and W. Scott Stornetta entitled "How to Time-Stamp a Digital Document" discloses means for a central Time Stamping Service (TSS) to time-stamp documents submitted to it by different users. "Reliable" time is achieved by means quite different from the use of the sealed, non-resettable clock discussed above. On the other hand the basic motivation, to provide document authentication from calculation on a "reliable" time stamp and the digital document itself, is similar to that of Blandford and of the present application.

In their first approach, Haber and Stornetta achieve the time stamping by computing a digital signature on a hash of the document, plus the user's ID, plus the time, plus a sequence number assigned by the TSS, plus information linking this request to the previous one (the time, ID, and hash of k previous users). (Haber and Stornetta discuss cryptographically secure one-way hash functions (hereafter referred to simply as a "hash") and provide a reference to a practical source of such functions.) The TSS also eventually provides the user with the IDs of k subsequent users. The time information is thus constrained to be approximately authenticated by the fact that the user, or some other verifier, could later consult the users previous and subsequent to the document in question and check that the publicly authenticated times and hashes do constrain the time and message.

In their second approach there is no TSS; the user simply sends the hash out to a carefully randomly selected set of authenticators; they append the time from their own clocks and return a set of authenticated signatures.

Both of Haber and Stornetta's approaches are vulnerable to collusion on the part of a set of users; especially, for example, in the case where the network of users is all in a single institution under a single system manager, e.g. a single large manufacturer, or government agency, or insurance firm. Basically the unlikelihood of this collusion must be balanced against the unlikelihood in the present application of being able to clandestinely break the seal on the arbitrator and undetectably alter the clock or determine the secret key.

Also, since they require timely access to a communication system and to one or more cooperating and reliable computer systems, the approaches of Haber and Stornetta are unsuitable for an isolated system such as the typical personal computer or portable "diary" or to "secure" users which would prefer to have no contact with outside users.

Of course it would be possible to combine the strengths of the two different approaches to providing authenticated time by providing Haber and Stornetta's TSS, or each of the users in their hypothetical network, with a source of secure, authenticated time as discussed by Blandford and in this application.
Whatever the precise merits, features and advantages of the above cited references, none of them achieves or fulfills the purposes of the present invention.

SUMMARY OF THE INVENTION 

It is an object of the first aspect (1) of the present invention to provide a device which can provide authenticated time to any client; and it is a second object to provide means to ensure that a computer making use of this device cannot be booted with an incorrect time.

The first object may be achieved by sealing together in a single package a digital real-time clock and an encryption circuit with a secret key which is inaccessible from outside the system. The seal should be tamper-proof so that a breach of it is apparent upon inspection and so that a breach of the seal will cause the system to permanently cease operation. The overall circuit may be referred to as the arbitrator.

The clock is to have a power supply designed to provide continuous power for the useful life of the system. The clock is also to be designed to be non-resettable, or to be non-resettable without execution of a carefully prescribed procedure, and the arbitrator is to shut down should the power supply to the clock fail or should some other system diagnostics fail. In some realizations it might be useful to allow the clock to be resettable and for the arbitrator to restart so long as a permanent, accessible record of the starting and stopping were kept in non-volatile memory within the sealed arbitrator. It would be useful if access to different functions of the arbitrator were controlled by password or other similar means.

This source of authenticated time can be used to achieve the second object, that a computer system cannot be booted with the incorrect time. This is done by providing that a critical element, an element without which the computer cannot operate, of the computer is sealed together with the computer clock and with a circuit which can generate and output a large random number and which can verify the digital signature computed over the random number, the time, and the ID provided by the authenticated time device. This seal should have the same properties as that of the arbitrator itself. (The source of authenticated time could, of course, be within the computer itself; and could even be the computer clock itself and be sealed together with the critical element of the computer. In this latter case, however, there would be no need for encryption; the computer would simply always get its time from the un-resettable sealed clock.)

The computer clock is started and the computer booted up only if the time can 
be verified to have come from a source of authenticated time. If public key 
techniques are used then there is no need to make the public key within the 
computer inaccessible; with many private key techniques the key in the 
computer would have to be inaccessible to eliminate the possibility of 
falsifying the time. To ensure that a previously recorded time and signature 
was not being resubmitted to the computer, the system sealed within the 
computer could generate a random number and send it to the arbitrator which 
would then append it to the time and arbitrator ID before calculating the 
signature and returning it to the computer. The computer could then be sure 
that the time did not originate before the random number was generated. 

It is an object of the second aspect (2) of the present invention to provide a device and means which can authenticate the author, text, time, and time stamping device (arbitrator or notary) of a digital document, and which ensure that one or more digital documents cannot be removed from a sequenced file of such documents without that fact being apparent.
This object may be achieved by adding to the capability of the arbitrator discussed above the capability of observing data arriving from the user and of computing the signature over that incoming data (or in some embodiments a hash of that data) together with the authenticated time and the arbitrator ID. In addition to the document data the incoming data would include the user's digital signature, previously computed by the user over the document data, or hash of the document data, and the user's sequence number. Again, the user's signature in the authenticated document could be verified either by public or private key techniques.

If the full document data were presented to the arbitrator, the signature could be computed either over the complete document, or the arbitrator could first compute a hash of the document and compute the signature only over the hash plus the user's signature and sequence number, the time, and arbitrator ID and sequence number. If the user had already performed a hash on the original document, an additional hash would be unneeded. Perhaps no hash would be computed for data below some fixed number of bits. The final digital signature is presented to the user at the output ports of the arbitrator. The arbitrator might also make available to the user at the output ports the original data so that the user could compare the data sent with the data returned in order to verify that the signature had been derived from the specified data.

Note that if a user should choose to append consecutive sequence numbers to the text of each document that he requests to be authenticated and which he then places in a particular file, then it will be possible for a verifier to check if documents have been removed from the file simply by looking for numbers missing in the sequence. Because of the authentication of the sequence number and date it would be impossible, even for the owner, to erase a document and then adjust the subsequent sequence numbers in the file without also changing all the dates. Similarly a document could not be changed without also changing the date to a later date, which may well have to be later than that on the following document in the file. Of course this last benefit is obtained whether or not there is a sequence number.

The arbitrator might usefully have a mode of operation, if presented with ascii text, in which the authentication is calculated only after the document text has been transformed to a standardized, but still readable, format, e.g. with one space between all words and symbols, no tabs or new lines, and with data in unusual formats, e.g. scientific formulas, omitted from consideration. Obviously, transformations which would reduce formulas, tables, special fonts, etc. to a standard form are also possible. (Complex documents, e.g. digital pictures, if they are to be recognizable, would have to be archived in their original digital form in order to be verifiable.) In this way a conventional ascii document could be verified even if it had previously been copied in ways such as reding or even cursive transcription, which altered the paragraph or word spacing format.

It could also be useful for the notary itself to append and authenticate its own sequence number to each document. This could be useful in cases where a single user did not append his own sequence number. It could also be useful if there were only a few users of the notary, so that a document could be found to be missing from one user's files by examination of the files of all of the other users.

This completes the summary of the invention; it can be seen that the invention has been presented in two aspects, the later aspect being an enhancement of the first.

BRIEF DESCRIPTION OF THE DRAWING
Fig. 1 is a block diagram representation showing the relationship of the components of the system which supplies authenticated time. It also serves as a block diagram representation for the system which supplies authenticated time, author, notary and sequence for digital documents.

DETAILED DESCRIPTION

The preferred embodiment of the aspect of the present invention, a system (1) which will supply authenticated time, will now be described by reference to Fig. 1.

In Fig. 1 we see that the time source or arbitrator 3 is comprised of a random access memory (RAM) 10, some part of which is non-volatile, e.g. EEPROM, a microcontroller 11, programmable read-only memory (PROM) 12, a real-time clock 13, and an encryption circuit 14. The arbitrator also has an I/O circuit 8, by means of which the arbitrator may, under control of the microcontroller 11, observe the state of the external communication lines and by means of which data may be presented by the microcontroller 11 to the external communication lines. Communication between the microcontroller 11 and the other devices is carried out via a microprocessor bus 9.

All of the above components are packaged or sealed in a manner which makes them and their stored data physically inaccessible without making such an intrusion apparent upon inspection and causing the arbitrator itself to permanently cease operation. The arbitrator could be assembled as a conventional chip set and encapsulated with a tamper protection system 5. Or, in the preferred embodiment, it could be manufactured as a single chip package built so that any attempt to probe the system, for example to determine the secret key, would in fact destroy the information. This could be accomplished with a combination of piezo-electric drives (to destroy the MOS gates in the memory devices if the package were stressed sufficiently or if stress in the package were released) and conducting lines on the IC or package which would oxidize rapidly if the package were opened in the air. These latter protection means are also symbolized by 5 in Fig. 1.

The software for the arbitrator is contained in the PROM 12. The other memory in the arbitrator is the RAM 10. A principal use of this memory is to serve as temporary storage during calculation of the digital signature. The non-volatile part of RAM 10 maintains a record of any occasions when the clock was stopped and restarted.

The real-time clock 13 supplies the time which is appended to the input arbitrator ID. The power supply to the clock is a trickle-charged battery. The battery is to be accessible from outside the arbitrator 3 so that it can be replaced in the power-up state without affecting the clock 13. This results in the ability to maintain steady non-stop power to the clock for an indefinitely long time. The clock time is originally set at the factory.

The encryption device 14 is used to compute a digital signature on the time plus the arbitrator ID (signature data) using RSA public key techniques. Appropriate references to this subject may be found in the paper by Haber and Stornetta referred to above.

During power-up the I/O circuit 8 comes up with its input ports disabled. This ensures that the arbitrator 3 is isolated and that it is not possible to seize control of the arbitrator 3 during power-up. After power up the microcontroller 11 is in control and effectively isolates the arbitrator.

In the preferred mode of operation the microcontroller 11 monitors the I/O circuit 8. When a request for authenticated time is detected, the microcontroller 11 inputs a 64 bit random number supplied by the user, the correct time is retrieved from the real-time clock 13 and appended to the random number, the arbitrator ID is appended, and the digital signature is computed on the combination. Then the random number, time, ID, and signature are presented for output to the I/O circuit 8 under control of the microcontroller 11.

Should the power, or system diagnostics, of the clock 13 or of other elements of the arbitrator 3 fail in such a way as to cast doubt on the integrity of the clock or of other elements of the arbitrator 3, the microcontroller 11 will store a permanent record of this fact in the non-volatile part of RAM 12, and respond to subsequent requests from the users with a default message indicating failure until the clock 13 has been reset, which is possible in this embodiment. (A simpler and more secure, but less flexible embodiment would not permit resetting. This could be ensured by setting a bit in the non-volatile part of RAM 12.) If, as above, the clock or other element of the arbitrator has failed, so long as power has been restored or is otherwise available to the clock 13, the microcontroller 11 will monitor the I/O circuit 8 for a command to reset the clock 13. Upon receiving such a command it will check that the clock has stopped, prompt for a password, required to provide flexible access control of all system operations, check that the new start time is later than the previous stop time, stored in the non-volatile part of RAM 12, perform other system diagnostics, and restart normal operations of the arbitrator if all checks are positive. The stop and start times are to be permanent records and are to be accessible for reading out at any time, also under password access control. Should the non-volatile part of RAM 12 be filled by a series of stops and starts, the system could no longer be used.
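The failure and restart procedure just described, worked through as an added example that is not the patent's firmware: a small state machine with the default failure message, the non-resettable bit of the simpler embodiment, a password-controlled reset that requires the clock to have stopped and the new start time to be later than the recorded stop time, and the permanent stop/start record that, once full, leaves the arbitrator unusable. The record capacity, the password handling and the message text are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac

DEFAULT_FAILURE_MESSAGE = "FAILURE: clock integrity in doubt; no authenticated time"
RECORD_CAPACITY = 4   # constructed: stop/start pairs the non-volatile RAM can hold


class Arbitrator:
    """Clock-failure state and password-controlled restart of the arbitrator."""

    def __init__(self, clock_time: int, password: str, allow_reset: bool = True):
        self.clock_time = clock_time
        self.clock_running = True
        self.failed = False
        # The simpler embodiment: a bit set in non-volatile RAM forbids any reset.
        self.reset_permitted = allow_reset
        # Permanent record of (stop_time, start_time) pairs in non-volatile RAM;
        # start_time is None while the arbitrator is stopped.
        self.nv_record = []
        # Only a hash of the password is kept inside the sealed package (assumption).
        self.password_hash = hashlib.sha256(password.encode()).digest()

    def _password_ok(self, password: str) -> bool:
        given = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(given, self.password_hash)

    def request_time(self) -> int | str:
        """Normal service, or the default message once the clock is in doubt."""
        if self.failed:
            return DEFAULT_FAILURE_MESSAGE
        return self.clock_time

    def report_failure(self) -> None:
        """Power or diagnostic failure of clock 13: stop, record, refuse service.
        If the record is already full the stop cannot be recorded, and the
        arbitrator can then never be restarted (see reset_clock)."""
        if self.failed:
            return
        self.failed = True
        self.clock_running = False
        if len(self.nv_record) < RECORD_CAPACITY:
            self.nv_record.append((self.clock_time, None))

    def reset_clock(self, password: str, new_start_time: int) -> bool:
        """Restart only if every check of the embodiment passes."""
        if not self.reset_permitted or not self.failed:
            return False                    # non-resettable, or nothing to reset
        if self.clock_running:
            return False                    # the clock must actually have stopped
        if not self._password_ok(password):
            return False                    # access control
        if not self.nv_record or self.nv_record[-1][1] is not None:
            return False                    # this stop was not recorded: record full
        last_stop = self.nv_record[-1][0]
        if new_start_time <= last_stop:
            return False                    # start must be later than the last stop
        self.nv_record[-1] = (last_stop, new_start_time)
        self.clock_time = new_start_time
        self.clock_running = True
        self.failed = False
        return True

    def read_record(self, password: str) -> list | None:
        """Stop/start history, readable at any time under password control."""
        if not self._password_ok(password):
            return None
        return list(self.nv_record)


if __name__ == "__main__":
    arb = Arbitrator(clock_time=1000, password="constructed-password")
    arb.report_failure()
    print(arb.request_time())                                   # default message
    print(arb.reset_clock("constructed-password", 900))         # False: not later
    print(arb.reset_clock("constructed-password", 2000))        # True
    print(arb.read_record("constructed-password"))              # [(1000, 2000)]
```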

To use this device to ensure that a computer could not be booted with incorrect time, a critical element of the computer, in this embodiment the CPU chip, would be sealed, using means such as discussed above, with the public key and a random number generator which generates a different 64-bit number as an authenticating signal each time it is called by using a secret key to encrypt a number which is incremented with each boot and which is stored in non-volatile RAM. Upon booting the chip would generate the 64-bit random number and send it to the arbitrator. Only if a signature was returned verifying the random number (which the arbitrator added to its ID before the signature was computed) and the expected arbitrator ID, would the returned time (checked to be later than the previous stop time) be used to set the computer system clock. Otherwise the CPU would refuse to boot.
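The exchange of the two passages above (the 64-bit random number, time and ID signed by the arbitrator, and the sealed CPU element that checks the reply before setting its clock), worked through as an added example that is not part of the patent. HMAC-SHA256 is used here as the "private key technique" in place of the RSA signature the embodiment names, so the CPU element holds the same secret as the notary; the key, the notary ID and the times are constructed values.

```python
import hashlib
import hmac
import struct

# Constructed key shared by the sealed notary and the sealed CPU element
# (stand-in for the RSA key pair; in the patent the secret key never leaves
# the sealed package).
SECRET_KEY = b"constructed-demo-key-not-real"
NOTARY_ID = 0x00010002          # constructed arbitrator identification number


def sign(data: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Digital signature over the signature data (HMAC stands in for RSA)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signature_data(random_number: int, time_value: int, notary_id: int) -> bytes:
    """Fixed-width layout: 64-bit random number || 64-bit time || 32-bit ID.
    Fixed widths leave no ambiguity about where one field ends."""
    return struct.pack(">QQI", random_number, time_value, notary_id)


class Notary:
    """Sealed source of authenticated time (arbitrator 3 of Fig. 1)."""

    def __init__(self, clock_time: int, notary_id: int = NOTARY_ID):
        self.clock_time = clock_time        # real-time clock 13, in seconds
        self.notary_id = notary_id

    def authenticated_time(self, random_number: int) -> dict:
        """Append the caller's random number and the ID to the time; sign all."""
        data = signature_data(random_number, self.clock_time, self.notary_id)
        return {"random": random_number, "time": self.clock_time,
                "id": self.notary_id, "signature": sign(data)}


class SealedBootElement:
    """Critical CPU element sealed with the verification key, a boot counter
    in non-volatile RAM and the previous stop time."""

    def __init__(self, expected_id: int, previous_stop_time: int):
        self.expected_id = expected_id
        self.previous_stop_time = previous_stop_time
        self.boot_counter = 0
        self.system_clock = None            # unset until a boot succeeds

    def fresh_random_number(self) -> int:
        """A different 64-bit value per boot: encrypt (here, HMAC) a counter
        that is incremented on every call, as the embodiment describes."""
        self.boot_counter += 1
        digest = sign(struct.pack(">Q", self.boot_counter))
        return struct.unpack(">Q", digest[:8])[0]

    def try_boot(self, reply: dict, random_number: int) -> bool:
        """Set the system clock only if every check passes."""
        expected = sign(signature_data(reply["random"], reply["time"], reply["id"]))
        if not hmac.compare_digest(expected, reply["signature"]):
            return False                    # forged or altered reply
        if reply["random"] != random_number:
            return False                    # replay of an earlier reply
        if reply["id"] != self.expected_id:
            return False                    # signed by some other notary
        if reply["time"] <= self.previous_stop_time:
            return False                    # time not later than the last stop
        self.system_clock = reply["time"]
        return True


def boot_sequence(notary: Notary, cpu: SealedBootElement) -> bool:
    """CPU -> random number -> notary -> (random, time, ID, signature) -> CPU."""
    r = cpu.fresh_random_number()
    return cpu.try_boot(notary.authenticated_time(r), r)


if __name__ == "__main__":
    n = Notary(clock_time=1_700_000_000)
    c = SealedBootElement(expected_id=NOTARY_ID, previous_stop_time=1_600_000_000)
    print("boot permitted:", boot_sequence(n, c))      # True
```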

No other signals presented to the I/O 8 constitute valid commands to the microcontroller 11, so that it is impossible for the user of the arbitrator 3 to, e.g., reset the clock to an earlier time or to detect the value of the secret key.

It may not be necessary to add the notary ID to the time, since in many applications the secret key will be unique, and successful decryption of the signature will identify the notary. However, for those cases where the keys are not unique, or simply for reasons of convenience and simplicity, it will usually be useful to add the notary ID.

A few modifications of the system described above to supply authenticated time are needed to provide a system (2) which will provide authentication for a digital document of the user ID, text (or other digital data), user sequence number, time, and notary ID and sequence number.

In this case, instead of simply presenting a request for authenticated time at the I/O circuit 8, the user presents a message comprising the user's public key digital signature, the user's document sequence number, and the text itself.

The microcontroller then uses the encryption circuit 14 to compute a hash over the input text and to append to the hash and the other data the internal time, the notary ID, and the notary sequence number, resulting in the signature data. Naturally the details of the hash computation must be known to any user or verifier. Next, a digital signature is computed over the signature data using a secret key and the signature is returned to the I/O 8.
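Document notarization as the preceding paragraphs and the summary's sequence-number argument describe it, as an added example that is not the patent's implementation: the notary signs the hash of the text together with the user's signature and sequence number, its own time, ID and sequence number, and a verifier later audits a file of notarized entries for altered or renumbered entries and for missing sequence numbers. HMAC-SHA256 stands in for the RSA signature on both the user's and the notary's side (so the verifier needs the keys, the patent's "supplemental device"); keys, documents and times are constructed.

```python
import hashlib
import hmac
import json

NOTARY_KEY = b"constructed-notary-key"   # kept inside the sealed notary
USER_KEY = b"constructed-user-key"       # the user's own signing key
NOTARY_ID = 7                            # constructed notary identification number


def sign(key: bytes, data: bytes) -> str:
    """Digital signature (HMAC-SHA256 stands in for the RSA signature)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def document_hash(document: bytes) -> str:
    """One-way hash over the full document text, as the notary computes it."""
    return hashlib.sha256(document).hexdigest()


def signature_data(doc_hash: str, user_sig: str, user_seq: int,
                   time_value: int, notary_id: int, notary_seq: int) -> bytes:
    """The fields the notary signs, in a fixed order with unambiguous boundaries."""
    return json.dumps([doc_hash, user_sig, user_seq, time_value,
                       notary_id, notary_seq]).encode()


class Notary:
    """Second-aspect notary: hashes the text, appends the user's signature and
    sequence number, its own time, ID and sequence number, and signs."""

    def __init__(self, clock_time: int):
        self.clock_time = clock_time
        self.notary_seq = 0

    def notarize(self, document: bytes, user_sig: str, user_seq: int) -> dict:
        self.notary_seq += 1
        h = document_hash(document)
        record = {"hash": h, "user_sig": user_sig, "user_seq": user_seq,
                  "time": self.clock_time, "notary_id": NOTARY_ID,
                  "notary_seq": self.notary_seq}
        record["notary_sig"] = sign(NOTARY_KEY, signature_data(
            h, user_sig, user_seq, self.clock_time, NOTARY_ID, self.notary_seq))
        return record


def user_submit(notary: Notary, document: bytes, user_seq: int) -> dict:
    """User signs the document, then presents signature, sequence number and text."""
    return notary.notarize(document, sign(USER_KEY, document), user_seq)


def verify_record(document: bytes, record: dict) -> bool:
    """Recompute the hash and both signatures from the text and the record."""
    h = document_hash(document)
    if h != record["hash"]:
        return False
    if not hmac.compare_digest(sign(USER_KEY, document), record["user_sig"]):
        return False
    expected = sign(NOTARY_KEY, signature_data(
        h, record["user_sig"], record["user_seq"], record["time"],
        record["notary_id"], record["notary_seq"]))
    return hmac.compare_digest(expected, record["notary_sig"])


def missing_numbers(values) -> list:
    """Numbers absent from an otherwise consecutive sequence."""
    present = set(values)
    if not present:
        return []
    return [n for n in range(min(present), max(present) + 1) if n not in present]


def audit_file(entries) -> dict:
    """entries: list of (document, record). Report altered or forged entries,
    gaps in the user's and the notary's sequence numbers, and whether the
    stamped times increase with the user's sequence numbers."""
    invalid = [i for i, (doc, rec) in enumerate(entries) if not verify_record(doc, rec)]
    recs = [rec for _, rec in entries]
    times = [r["time"] for r in sorted(recs, key=lambda r: r["user_seq"])]
    return {"invalid": invalid,
            "missing_user_seq": missing_numbers(r["user_seq"] for r in recs),
            "missing_notary_seq": missing_numbers(r["notary_seq"] for r in recs),
            "time_order_ok": all(a <= b for a, b in zip(times, times[1:]))}


if __name__ == "__main__":
    notary = Notary(clock_time=1000)
    archive = []
    for seq, text in enumerate([b"entry one", b"entry two", b"entry three"], start=1):
        archive.append((text, user_submit(notary, text, seq)))
        notary.clock_time += 100         # constructed: clock advances between requests
    print(audit_file(archive))                       # nothing invalid, no gaps
    print(audit_file([archive[0], archive[2]]))      # second document removed: gap at 2
```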

In a second process, the microcontroller will also, before hashing is performed, parse the portions of the input text indicated by the user to be simple text and reduce it to a standard format, in this embodiment a format in which only ascii characters on a standard keyboard are considered, tabs and new lines are ignored, and in which there is only a single space between each word. This format is more invariant under several forms of transcription and thus copies are more easily verified by recomputation of the digital signature, as discussed above. A signature is then also computed and returned in which only the hash of this transformed version of the text is in the signature data, together with the user signature and sequence number, the time, notary ID, and notary sequence number.
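The standard-format mode of the preceding paragraph (and of the summary above), as an added example rather than the patent's own routine: keep only keyboard ASCII characters, ignore tabs and newlines, put one space between words, then hash the result so that a retyped or re-wrapped copy verifies against the archived original. The exact character set, the use of SHA-256 and the sample text are assumptions.

```python
import hashlib
import string

# Characters "on a standard keyboard": printable ASCII letters, digits and
# punctuation. Whitespace is handled separately, as a word separator only.
KEYBOARD_CHARS = frozenset(string.ascii_letters + string.digits + string.punctuation)


def standard_format(text: str) -> str:
    """Reduce simple text to the standard form: tabs, newlines and any other
    whitespace run are ignored except as word separators, characters outside
    the keyboard set are dropped, and the words are joined by single spaces.
    Dropping (rather than mapping) a typographic quote or dash means a copy
    typed with the ASCII equivalent still differs; the mode only absorbs
    spacing and layout changes."""
    words = []
    for word in text.split():          # splits on any Unicode whitespace run
        kept = "".join(ch for ch in word if ch in KEYBOARD_CHARS)
        if kept:
            words.append(kept)
    return " ".join(words)


def standard_hash(text: str) -> str:
    """The hash that enters the signature data in standard-format mode."""
    return hashlib.sha256(standard_format(text).encode("ascii")).hexdigest()


def same_document(archived: str, copy: str) -> bool:
    """Verification by recomputation: the copy verifies if its standard form
    hashes to the same value as the archived original's."""
    return standard_hash(archived) == standard_hash(copy)


# Constructed sample: the archived text, a copy retyped with different
# wrapping and indentation, and a copy in which one fact was changed.
ARCHIVED = "Meeting held 3 March.\n\tAgreed: ship the patch on Friday.  \nSigned, R.B."
RETYPED = "Meeting held 3 March. Agreed: ship the patch on Friday. Signed, R.B."
ALTERED = "Meeting held 4 March. Agreed: ship the patch on Friday. Signed, R.B."

if __name__ == "__main__":
    print(standard_format(ARCHIVED))
    print("retyped copy verifies:", same_document(ARCHIVED, RETYPED))   # True
    print("altered copy verifies:", same_document(ARCHIVED, ALTERED))   # False
```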

The notary sequence number might also well be computed and appended to the time before the signature was computed in the first aspect of the invention, where the only function of the notary is to supply authenticated time. If users of the notary could examine this sequence number they might detect if attempts were being made to deduce the secret key by a plaintext attack using repeated requests for authenticated time.

Although these embodiments have been revealed in terms of the use of a public key encryption system with a single secret key, more complex systems could use multiple keys and other secret encryption data kept inaccessible within the notary to implement other signature methods both public and private.

Two aspects of the invention have thus been revealed: (1) A device and means for providing authenticated time to users, and for using such device and means to ensure that computers cannot be booted up without setting their clocks to an authenticated time, and (2) A device and means for authenticating digital documents with respect to user, user sequence number, text, date, notary, and notary sequence number.

The foregoing descriptions of the preferred embodiments of the two aspects of the invention have been presented for the purposes of illustration and description. They are not intended to be exhaustive or to limit the inventions to the precise forms disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the invention be limited not by this detailed description, but rather by the claims appended hereto.
What is claimed is:

(1) A sealed source of authenticated time, here called a notary, comprising a clock, computing means, and encryption means which performs operations comprising: receiving requests for authenticated time, retrieving the time from said clock, computing, using encryption data inaccessible from outside said notary, a notary digital signature on signature data comprising said time, and returning said time and said notary digital signature to the user.

(2) The notary of claim (1) in which said notary further comprises means to 
receive an authenticating signal and to compute said notary digital signature 
over signature data comprising said time and said authentication signal. 

(3) The notary of claim (1) in which said notary further comprises means to 
ensure non-stop power to said clock. 

(4) The notary of claim (1) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature. 

(5) The notary of claim (1) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature, and that said clock 
may be subsequently reset and said notary restarted, and a permanent 
record of said failures be kept in said notary, and said permanent record be 
accessible from outside said notary, and that all said actions are under a system 
of access control. 

(6) The notary of claim (2) in which said notary further comprises means to 
ensure non-stop power to said clock. 
(7) The notary of claim (2) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature. 

(8) The notary of claim (2) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature, and that said clock 
may be subsequently reset and said notary restarted, and a permanent 
record of said failures be kept in said notary, and said permanent record be 
accessible from outside said notary, and that all said actions are under a system 
of access control. 

(9) The notary of claim (3) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said clock fail diagnostics, 
that a default message is returned and that said notary will no longer return said 
time and said notary digital signature. 

(10) The notary of claim (3) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature, and that said clock 
may be subsequently reset and said notary restarted, and a permanent 
record of said failures be kept in said notary, and said permanent record be 
accessible from outside said notary, and that all said actions are under a system 
of access control. 

(11) The notary of claim (6) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature. 

(12) The notary of claim (6) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature, and that said clock 
may be subsequently reset and said notary restarted, and a permanent 
record of said failures be kept in said notary, and said permanent record be 
accessible from outside said notary, and that all said actions are under a system 
of access control. 

(13) In claims 2, 6, 7, 8, 11, 12 said notary communicating with a remote 
computer system comprising means to generate said authenticating signal sealed 
with a critical element of said remote computer system; said means generating 
said authenticating signal when said remote computer system is booting, and 
said remote computer system using said authenticated time to initiate 
the system clock of said remote computer system. 

(14) A sealed device, here called a notary, for time stamping and authenticating 
digital data, comprising a clock, computing means, and encryption means, said 
notary performing operations comprising: receiving requests for time stamping 
and digital data authentication, retrieving the time from said clock, computing, 
using encryption data inaccessible from outside said notary, a notary digital 
signature over signature data comprising said time and said digital data, and 
returning said time and said notary digital signature. 

(15) The notary of claim (14) in which said notary further comprises means to 
ensure non-stop power to said clock. 
(16) The notary of claim (14) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature. 

(17) The notary of claim (14) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature, and that said clock 
may be subsequently reset and said notary restarted, and a permanent 
record of said failures be kept in said notary, and said permanent record be 
accessible from outside said notary, and that all said actions are under a system 
of access control. 

(18) The notary of claim (14) in which said notary further comprises means to 
parse said digital data and transform said digital data to a standard format which 
is more invariant under transcription, and to compute said notary digital 
signature using said transformed digital data in place of said untransformed 
digital data. 

(19) The notary of claim (14) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(20) The notary of claim (14) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 

(21) The notary of claim (15) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said notary fail 
diagnostics, that a default message is returned and that said notary will no 
longer return said time and said notary digital signature. 

(22) The notary of claim (15) in which said notary further comprises means to 
ensure that should power to said clock fail, or should said clock fail system 
diagnostics, that a default message is returned to the user, and that said notary 
will not time stamp and authenticate digital documents, but in which said 
clock may be subsequently reset and the notary restarted, and a permanent 
record of the stop and start kept in said notary, and in which said permanent 
records are accessible from outside the notary, and that all said actions are 
under a system of access control. 

(23) The notary of claim (15) in which said notary further comprises means to 
parse said digital data and transform said digital data to a standard format which 
is more invariant under transcription, and to compute said notary digital 
signature using said transformed digital data in place of said untransformed 
digital data. 

(24) The notary of claim (15) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(25) The notary of claim (15) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 

(26) The notary of claim (21) in which said notary further comprises means to 
parse said digital data and transform said digital data to a standard format which 
is more invariant under transcription, and to compute said notary digital 
signature using said transformed digital data in place of said untransformed 
digital data. 
(27) The notary of claim (21) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(28) The notary of claim (21) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 

(29) The notary of claim (22) in which said notary further comprises means to 
parse said digital data and transform said digital data to a standard format which 
is more invariant under transcription, and to compute said notary digital 
signature using said transformed digital data in place of said untransformed 
digital data. 

(30) The notary of claim (22) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(31) The notary of claim (22) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 

(32) The notary of claim (26) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(33) The notary of claim (26) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 
(34) The notary of claim (21) in which said notary further comprises means to 
accept a user digital signature and a user sequence number, and in which said 
signature data includes said time, said digital data, said user digital signature 
and said user sequence number. 

(35) The notary of claim (29) in which said notary further comprises means to 
receive a user digital signature and in which said signature data includes said 
time, said digital data, and said user digital signature. 

(36) The notary of claim (29) in which said notary further comprises means to 
receive a user sequence number and in which said signature data includes said 
time, said digital data, and said user sequence number. 

(37) The notary of claim (22) in which said notary further comprises means to 
accept a user digital signature and a user sequence number, and in which said 
signature data includes said time, said digital data, said user digital signature 
and said user sequence number. 

(38) The notary of claim (26) in which said notary further comprises means to 
accept a user digital signature and a user sequence number, and in which said 
signature data includes said time, said digital data, said user digital signature 
and said user sequence number. 

(39) The notary of claim (29) in which said notary further comprises means to 
accept a user digital signature and a user sequence number, and in which said 
signature data includes said time, said digital data, said user digital signature 
and said user sequence number. 

(40) In claims 1-39 said notary in which said notary's identification number is 
included in said signature data. 
(41) In claims 1-40 said notary further comprises means to compute a notary 
sequence number and to include it in said signature data. 

(42) In claims 1-41 said digital signature computed using public key means. 
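As an added example (not part of the patent), the claimed operations modelled in Python: the notary signs the time together with the document, user signature, user sequence number, notary identification number and notary sequence number (claims 1, 14, 19, 20, 40, 41), latches into a stopped state after a clock failure and keeps a record of it (claims 4 and 5), and applies a standard-format transform before signing (claim 18). An HMAC stands in for the signature scheme, which the patent leaves open ("private or public key techniques"), and the particular transform, the field encoding and all sample values are assumptions.

```python
import hashlib, hmac, json, re

DEFAULT_MESSAGE = "NOTARY STOPPED: clock failure recorded; no time or signature issued"

def standard_format(data):
    # Claim 18's "standard format"; the transform itself is assumed here:
    # case-fold and collapse whitespace so a retyped or handwritten copy matches.
    text = data.decode("utf-8", errors="replace").casefold()
    return re.sub(r"\s+", " ", text).strip().encode("utf-8")

class Notary:
    def __init__(self, notary_id, secret_key, clock):
        self.notary_id = notary_id
        self._key = secret_key   # encryption data inaccessible from outside (claim 1)
        self._clock = clock      # callable returning the time; raises on failure
        self._seq = 0            # notary sequence number (claim 41)
        self._stopped = False    # latched once a failure is detected (claim 4)
        self.failure_log = []    # permanent record of failures (claim 5)

    def _signature_data(self, time, seq, data, user_sig, user_seq):
        # Canonical JSON so verification rebuilds exactly the signed bytes.
        fields = {"notary_id": self.notary_id, "notary_seq": seq, "time": time,
                  "data": standard_format(data).decode(),
                  "user_sig": user_sig, "user_seq": user_seq}
        return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

    def time_stamp(self, data=b"", user_sig=None, user_seq=None):
        # Claims 1, 14, 19, 20, 40, 41: sign the time together with the fields supplied.
        if self._stopped:
            return {"error": DEFAULT_MESSAGE}
        try:
            now = self._clock()
        except RuntimeError as exc:          # clock or power failure detected
            self._stopped = True
            self.failure_log.append(str(exc))
            return {"error": DEFAULT_MESSAGE}
        self._seq += 1
        sd = self._signature_data(now, self._seq, data, user_sig, user_seq)
        sig = hmac.new(self._key, sd, hashlib.sha256).hexdigest()
        return {"time": now, "notary_id": self.notary_id,
                "notary_seq": self._seq, "signature": sig}

    def verify(self, receipt, data=b"", user_sig=None, user_seq=None):
        # The user hands receipt and document back; the notary recomputes the
        # signature inside the seal, so verification never exposes the key.
        if "signature" not in receipt:
            return False
        sd = self._signature_data(receipt["time"], receipt["notary_seq"], data,
                                  user_sig, user_seq)
        expected = hmac.new(self._key, sd, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, receipt["signature"])
```

A gap in the `notary_seq` values of consecutive receipts held by one user is what claim 41 is meant to expose: a deleted document or a request the notary never saw.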